Brandon Anderson wrote:
What exactly stops me, a person wanting to impersonate that user, from
putting the same QR-Code I got from that public key into my own
keypair?
Nothing, if you obtained the pub key from a key server! The idea would
be that Alice and Bob, not having a CA, nor WoT signatures, while they
both never met in person, could make a duplicate without the photo-id,
which they always use and upload to key servers etc. and for
verification
purposes the could exchange the pub keys with to photo-id for comparison
of both keys. Once compared they both sign then the pub keys which have
no photo-id.
Regards
Stefan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
